Home > Vulnerability Database > CVE-2025-2591

Mend.io Vulnerability Database

CVE-2025-2591

Date: March 21, 2025

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.

Severity Score

4.3

Related Resources (10)

Url: https://vuldb.com/?submit.517781

Url: https://github.com/assimp/assimp/issues/6009

Url: https://github.com/assimp/assimp/issues/6009#issue-2877367021

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-2591

Url: https://vuldb.com/?ctiid.300574

Url: https://vuldb.com/?id.300574

Url: https://security-tracker.debian.org/tracker/CVE-2025-2591

Url: https://github.com/assimp/assimp/pull/6047/commits/ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd

Url: https://github.com/assimp/assimp/pull/6047

Url: https://www.mend.io/vulnerability-database/CVE-2025-2591

Severity Score

4.3

Weakness Type (CWE)

Divide By Zero

CWE-369

Improper Resource Shutdown or Release

CWE-404

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2025-2591

Date: March 21, 2025

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?